Re: Network Hardware Layout w/SBS
From: Les Connor [SBS Community Member - SBS MVP] (les.connor_at_DEL.cfive.ca)
Date: 02/09/05
- Next message: Anon: "Re: Unusual Network Topology - advice please!"
- Previous message: Justin Crosby [MSFT]: "RE: SBS 2003 newbie- question"
- In reply to: cwoltemath_at_kc.rr.com: "Re: Network Hardware Layout w/SBS"
- Next in thread: CCW_at_kc.rr.com: "Re: Network Hardware Layout w/SBS"
- Reply: CCW_at_kc.rr.com: "Re: Network Hardware Layout w/SBS"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 9 Feb 2005 09:47:50 -0600
Two hardware devices.
The wireless Access Point on the lan needs only be an AP. Some soho
gateway/router/switches can be set up as Access Points, but a pure AP is
probably less expensive and simpler to configure.
On the external side, the DHCP would need to be configured to offer IPs on
the same subnet as your external nic. Computers connected here are still in
a private network, but are outside the lan. If they want internal resources,
then the connection type might depend on what resources they want to access.
As far as I'm concerned, if they require lan resources it's just plain
easier for them to connect to the wireless AP on the lan.
Coming from the external side - VPN is a valid method, perhaps not the best
in all cases though. There's OWA, RWW, and Outlook RPC/HTTP - these all work
without a VPN, and from any allowed external location - not just this
particular location.
If you have both internal and external wireless APs, then for those
requiring access to internal resources, there just isn't any point in
connecting to the external network. Those such as visitors who want internet
access connect to the external network, the very reason it's there is to
keep them outside your lan.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
<cwoltemath@kc.rr.com> wrote in message
news:4209ecad.6566682@news-server.kc.rr.com...
> Thanks for your response. I'm finding out you're right.
> Do you use one set of internal wireless hardware and one set of
> external hardware? I need two access points to cover my property so
> that may complicate things as far as hardware goes. Can I somehow
> bring some internal static addresses in through the external nic
> without using VPN or do I just duplicate the hardware on the internal
> side.
>
> On Tue, 8 Feb 2005 21:42:45 -0600, "Les Connor [SBS Community Member -
> SBS MVP]" <les.connor@DEL.cfive.ca> wrote:
>
>>I think it depends what the wireless is for, internal access (user accounts
>>on the SBS), or external (such as visitors).
>>
>>For internal users, it's simpler to have a wireless AP on the lan, the SBS
>>DHCP server will look after internal clients. For external users, you could
>>utilize an external gateway/router with wireless, running its own DHCP. You
>>reserve the SBS external nic IP. You can set up security on the external any
>>way you like, but if it's primarily for visitor use, then it can be lower
>>security than the internal wireless, where you want the max.
>>
>>I have an SBS at home, with both internal and external. I use the internal,
>>my kids are at university and come and go with their laptops, so they use
>>the external ;-).
>>
>>--
>>Les Connor [SBS Community Member - SBS MVP]
>>-----------------------------------------------------------
>>SBS Rocks !
>>
>>
>><cwoltemath@kc.rr.com> wrote in message
>>news:42095e20.245920314@news-server.kc.rr.com...
>>> Thank you everyone for your response. Now I'm trying to "dial in"
>>> my wireless. From what I've read, I'm better off to confine my
>>> wireless connections to the "perimeter" network and vpn back in. My
>>> router (192.168.1.1) gets its IP from the cable modem (public IP) and
>>> uses dhcp to give my sbs server 192.168.16.2. The router also hands
>>> out 192.168.1.3-51 to various wireless devices. All the wireless
>>> devices use WEP.
>>>
>>> 1) Is it OK to use my router's DHCP and have my SBS server also using
>>> DHCP "below" the router with a different set of addresses or does this
>>> violate the SBS rules?
>>>
>>> 2) Should I use static IP addresses from my router to the wireless
>>> devices and/or the SBS server?
>>>
>>> I plan on setting the wireless devices to vpn back into the server.
>>> After I accomplish this I'd like to use dyndns.org or something
>>> similar to access the server with OWA and activesync. I'm also
>>> planning on providing some guests with wireless internet access.
>>>
>>> BTW This 100 year old copy of Free Agent still works pretty well!
>>>
>>> Thanks
>>>
>>> On Thu, 3 Feb 2005 12:14:07 -0600, "Les Connor [SBS Community Member -
>>> SBS MVP]" <les.connor@DEL.cfive.ca> wrote:
>>>
>>>>Hi CCW,
>>>>
>>>>Your setup looks fine. With SBS Standard, running the CEICW (connect to the
>>>>internet) wizard will configure RRAS to allow the internal resources you
>>>>select to be available from the internet.
>>>>
>>>>The only other measure you have available to you without further investment
>>>>is to ensure that your router is only allowing traffic on the ports that are
>>>>actually required. These are:
>>>>
>>>>25 (if you host your own email)
>>>>80 (optionally, not required) - will re-direct to port 443
>>>>443 (for SSL - OWA, RWW, Outlook RPC/HTTP)
>>>>4125 (for 'Connect to my Computer/Server') in RWW
>>>>
>>>>Some other less common ports are:
>>>>
>>>>110 (if you enable pop server)
>>>>1723 (if you enable VPN - generally called VPN Passthrough on the router)
>>>>3389 (if you want direct access to the server desktop via RDP)
>>>>
>>>>SBS with two nics, and a router gives you reasonable protection from the
>>>>outside. It doesn't give you much flexibility for outgoing security, but
>>>>many small biz's aren't concerned with that at this point. ISA (included in
>>>>SBS Premium) is a great solution for enhancing your internet security
>>>>overall.
>>>>
>>>>
>>>>--
>>>>Les Connor [SBS Community Member - SBS MVP]
>>>>-----------------------------------------------------------
>>>>SBS Rocks !
>>>>
>>>>
>>>><ccw@kc.rr.com> wrote in message
>>>>news:42026034.337098640@news-server.kc.rr.com...
>>>>> I've been lurking in this group for a few months now trying to set up my
>>>>> system as "right" as I can. I'm not having any major problems (that I
>>>>> know of) that I haven't been able to cure with a little reading and
>>>>> searching. But, I do have some doubts about my protection from the
>>>>> outside world. I'd appreciate it if someone could tell me if I'm
>>>>> doing anything "major league" wrong as I think I'm ready to delve into
>>>>> the "remote" world.
>>>>>
>>>>> I'm running SBS Standard with 2 Nics.
>>>>> Internet>Netgear wireless router>Internal Nic>SBS>External
>>>>> Nic>Switch>Clients
>>>>> All XP2 Clients with AV software
>>>>> Server AV software.
>>>>> Microsoft Windows [Version 5.2.3790]
>>>>> (C) Copyright 1985-2003 Microsoft Corp.
>>>>>
>>>>> (Server) Windows IP Configuration
>>>>>
>>>>> Host Name . . . . . . . . . . . . : Host_Name
>>>>> Primary Dns Suffix . . . . . . . : CompanyName.local
>>>>> Node Type . . . . . . . . . . . . : Unknown
>>>>> IP Routing Enabled. . . . . . . . : Yes
>>>>> WINS Proxy Enabled. . . . . . . . : Yes
>>>>> DNS Suffix Search List. . . . . . : CompanyName.local
>>>>>
>>>>> Ethernet adapter Network Connection:
>>>>>
>>>>> Connection-specific DNS Suffix . :
>>>>> Description . . . . . . . . . . . : D-Link DGE-530T Gigabit
>>>>> Ethernet Adapter
>>>>> #2
>>>>> Physical Address. . . . . . . . . : 00-0F-3D-F0-AF-C4
>>>>> DHCP Enabled. . . . . . . . . . . : Yes
>>>>> Autoconfiguration Enabled . . . . : Yes
>>>>> IP Address. . . . . . . . . . . . : 192.168.1.2
>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>> Default Gateway . . . . . . . . . : 192.168.1.1
>>>>> DHCP Server . . . . . . . . . . . : 192.168.1.1
>>>>> DNS Servers . . . . . . . . . . . : 192.168.16.2
>>>>> NetBIOS over Tcpip. . . . . . . . : Disabled
>>>>> Lease Obtained. . . . . . . . . . : Thursday, February 03, 2005
>>>>> 5:50:53 AM
>>>>> Lease Expires . . . . . . . . . . : Friday, February 04, 2005
>>>>> 5:50:53 AM
>>>>>
>>>>> Ethernet adapter Server Local Area Connection:
>>>>>
>>>>> Connection-specific DNS Suffix . :
>>>>> Description . . . . . . . . . . . : D-Link DGE-530T Gigabit
>>>>> Ethernet Adapter
>>>>> Physical Address. . . . . . . . . : 00-0F-3D-F1-96-A0
>>>>> DHCP Enabled. . . . . . . . . . . : No
>>>>> IP Address. . . . . . . . . . . . : 192.168.16.2
>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>> Default Gateway . . . . . . . . . :
>>>>> DNS Servers . . . . . . . . . . . : 192.168.16.2
>>>>> Primary WINS Server . . . . . . . : 192.168.16.2
>>>>>
>>>>>
>>>>> (Client) Windows IP Configuration
>>>>>
>>>>> Host Name . . . . . . . . . . . . : HostName01
>>>>> Primary Dns Suffix . . . . . . . :
>>>>> Node Type . . . . . . . . . . . . : Hybrid
>>>>> IP Routing Enabled. . . . . . . . : No
>>>>> WINS Proxy Enabled. . . . . . . . : No
>>>>> DNS Suffix Search List. . . . . . : CompanyName.local
>>>>>
>>>>> Ethernet adapter Local Area Connection:
>>>>>
>>>>> Connection-specific DNS Suffix . : CompanyName.local
>>>>> Description . . . . . . . . . . . : Intel(R) PRO/100 S Desktop
>>>>> Adapter
>>>>> Physical Address. . . . . . . . . : 00-02-B3-9A-70-39
>>>>> Dhcp Enabled. . . . . . . . . . . : Yes
>>>>> Autoconfiguration Enabled . . . . : Yes
>>>>> IP Address. . . . . . . . . . . . : 192.168.16.10
>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>> Default Gateway . . . . . . . . . : 192.168.16.2
>>>>> DHCP Server . . . . . . . . . . . : 192.168.16.2
>>>>> DNS Servers . . . . . . . . . . . : 192.168.16.2
>>>>> Primary WINS Server . . . . . . . : 192.168.16.2
>>>>> Lease Obtained. . . . . . . . . . : Wednesday, February 02,
>>>>> 2005 6:24:12
>>>>> PM
>>>>> Lease Expires . . . . . . . . . . : Thursday, February 10,
>>>>> 2005 6:24:12
>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>>
>
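
The layout discussed in this thread (an external wireless router running its own DHCP, a reserved address for the SBS external nic, a separate internal LAN, and a short list of ports allowed through the router) can be checked mechanically. The following is an added example, not part of the original posts; the function names are hypothetical, the addresses are the ones quoted in the thread, and the list of forwarded ports is constructed sample input.

```python
import ipaddress

# Ports listed in the thread for an SBS server behind a router.
CORE_PORTS = {25: "SMTP", 80: "HTTP redirect to 443",
              443: "SSL: OWA, RWW, Outlook RPC/HTTP",
              4125: "RWW Connect to my Computer/Server"}
OPTIONAL_PORTS = {110: "POP3", 1723: "VPN passthrough", 3389: "RDP"}

def audit_forwards(forwarded, enabled_optional=()):
    """Return forwarded ports that the thread's port list does not justify."""
    allowed = set(CORE_PORTS) | (set(OPTIONAL_PORTS) & set(enabled_optional))
    return sorted(set(forwarded) - allowed)

def check_plan(ext_nic, ext_mask, pool_start, pool_end, lan_cidr):
    """Return a list of problems with the external/internal addressing plan."""
    ext_net = ipaddress.ip_interface(f"{ext_nic}/{ext_mask}").network
    lan_net = ipaddress.ip_network(lan_cidr)
    nic = ipaddress.ip_address(ext_nic)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    problems = []
    # The external DHCP must offer addresses on the external nic's subnet.
    if start not in ext_net or end not in ext_net:
        problems.append("DHCP pool is not on the external nic's subnet")
    # The SBS external nic address is reserved, so it must not be handed out.
    if start <= nic <= end:
        problems.append("external nic address sits inside the dynamic pool")
    # Visitors stay outside the lan only if the two subnets are distinct.
    if ext_net.overlaps(lan_net):
        problems.append("external subnet overlaps the internal lan")
    return problems

if __name__ == "__main__":
    # Addresses from the thread: nic 192.168.1.2, pool .3-.51, lan 192.168.16.x
    print(check_plan("192.168.1.2", "255.255.255.0",
                     "192.168.1.3", "192.168.1.51", "192.168.16.0/24"))
    # Constructed sample: ports currently forwarded on the router.
    print(audit_forwards([25, 80, 443, 4125, 3389, 21]))
```

An empty list from `check_plan` means the external and internal sides are separated as the thread describes; any port returned by `audit_forwards` is open on the router without a matching service from the list above.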